What is a WLAN? What Is 802.11?

* Wireless LANs (WLANs) are LANs that use RF instead of cable or optical fiber
  * Allows high-speed data transfer without wires or cables
  * Supports typical enterprise applications (e-mail, file transfer, audio/video conferencing, etc.)
  * First introduced in 1999, evolved from legacy RF data technologies such as Hiperlan
  * 120 million ports of WLAN shipped worldwide last year (virtually all laptops have WLAN interfaces now)

* IEEE 802.11-1999 is the basic standard governing wireless LANs
  * Standardized by the IEEE 802.11 group, which is a working group in the IEEE 802 LAN/MAN Standards Committee (LMSC)
  * Formed in 1991 to standardize a 1 Mb/s RF-based data network technology
  * Completed its work in 1999 with the first 802.11 wireless LAN standard
  * Now driving almost all WLAN technology development worldwide

Pros and Cons of 802.11

Pros:

* Mobility
* Compatible with IP networks
* High speed data connectivity
* Unlicensed frequencies
* Highly secure
* Easy and fast installation
* Simplicity
* Scalability
* Very low cost

Cons:

* Shared-medium technology: bandwidth limited by RF spectrum
* Limited number of non-overlapping channels
* Multipath effects indoors
* Interference in the 2.4 GHz and 5 GHz bands
* Limited QoS
* Power control
* High overhead MAC protocol

Basic 802.11 Operation

* WLAN network topology
* Channel scanning and synchronization
* Authentication and association
* Data transfer mechanism

WLAN Network Topologies

1. Scanning is the first step for the MC (Mobile Client) to join an AP's network.
2. In the case of passive scanning, the client just waits to receive a Beacon Frame from the AP.
3. An MC (Mobile Client) searching for a network just listens for beacons until it finds a suitable network to join.

Active Scan

The MC (Mobile Client) tries to locate an AP by transmitting Probe Request frames, and waits for a Probe Response from the AP. The probe request frame can be a directed or a broadcast probe request.

The probe response frame from the AP is similar to the beacon frame.

Based on the response from the AP, the client makes a decision about connecting to the AP.

Synchronization

* Necessary to keep all the clients synchronized with the AP so that the clients can perform functions like power save.
* The AP periodically transmits a special type of frame called a Beacon Frame.
* The beacons contain the timestamp of the AP. The clients synchronize their clocks with the AP's clock using this timestamp.
* The AP also uses the beacon to advertise its capabilities, and this information is used by passively scanning clients to decide whether to connect to the AP.
* The AP advertises its capabilities in the form of Information Elements (IEs) in beacon frames.
* Some of the IEs are: SSID, channel, Supported Rates, WPA IE, EDCA IE

Information element | Description
FH Parameter Set | The FH Parameter Set information element is present within Beacon frames generated by STAs using frequency-hopping PHYs.
DS Parameter Set | The DS Parameter Set information element is present within Beacon frames generated by STAs using direct sequence PHYs.
CF Parameter Set | The CF Parameter Set information element is only present within Beacon frames generated by APs supporting a PCF.
IBSS Parameter Set | The IBSS Parameter Set information element is only present within Beacon frames generated by STAs in an IBSS.
TIM | The TIM information element is only present within Beacon frames generated by APs.
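
The beacon contents described above (AP timestamp, then a run of Information Elements) can be read with a short parser. This is an added example, not part of the original slides; the element IDs and field layout are taken from IEEE 802.11, and the sample beacon body (SSID "CorpNet", channel 6) is constructed for illustration.

```python
import struct

# Element IDs assigned by IEEE 802.11 to the IEs named on this page.
IE_NAMES = {
    0: "SSID", 1: "Supported Rates", 2: "FH Parameter Set",
    3: "DS Parameter Set", 4: "CF Parameter Set", 5: "TIM",
    6: "IBSS Parameter Set", 12: "EDCA Parameter Set", 221: "Vendor Specific",
}
WPA_OUI_TYPE = b"\x00\x50\xf2\x01"  # vendor-specific prefix that marks a WPA IE


def parse_ies(buf):
    """Split the tagged part of a beacon into (element_id, payload) pairs."""
    ies, off = [], 0
    while off < len(buf):
        if off + 2 > len(buf):
            raise ValueError("truncated IE header at offset %d" % off)
        eid, length = buf[off], buf[off + 1]
        end = off + 2 + length
        if end > len(buf):
            # A length byte that points past the frame must never be trusted.
            raise ValueError("IE %d runs %d bytes past the frame" % (eid, end - len(buf)))
        ies.append((eid, buf[off + 2:end]))
        off = end
    return ies


def parse_beacon_body(body):
    """Decode the fixed fields and the IEs of a beacon frame body."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    # Fixed fields: 8-byte timestamp, 2-byte beacon interval, 2-byte capabilities.
    timestamp, interval, caps = struct.unpack_from("<QHH", body, 0)
    info = {
        "timestamp_us": timestamp,        # what clients synchronize their clocks to
        "beacon_interval_tu": interval,   # 1 TU = 1024 microseconds
        "privacy": bool(caps & 0x0010),   # Privacy bit of the capability field
        "elements": [],
    }
    for eid, data in parse_ies(body[12:]):
        info["elements"].append(IE_NAMES.get(eid, "IE %d" % eid))
        if eid == 0:
            info["ssid"] = data.decode("utf-8", errors="replace")
        elif eid == 1:
            # Rates are in units of 500 kb/s; the top bit marks a basic rate.
            info["rates_mbps"] = [(b & 0x7F) * 0.5 for b in data]
        elif eid == 3 and len(data) == 1:
            info["channel"] = data[0]
        elif eid == 221 and data.startswith(WPA_OUI_TYPE):
            info["wpa_ie"] = True
    return info


# Constructed sample beacon body (not captured traffic).
SAMPLE_BEACON_BODY = (
    struct.pack("<QHH", 0x12345678, 100, 0x0011)   # timestamp, interval, ESS+Privacy
    + bytes([0, 7]) + b"CorpNet"                   # SSID
    + bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])        # Supported Rates: 1, 2, 5.5, 11
    + bytes([3, 1, 6])                             # DS Parameter Set: channel 6
    + bytes([221, 6]) + WPA_OUI_TYPE + b"\x01\x00" # shortened WPA IE
)

if __name__ == "__main__":
    print(parse_beacon_body(SAMPLE_BEACON_BODY))
```

The bounds check in parse_ies matters in practice: beacons are unauthenticated, so every length byte is untrusted input.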

802.11 Authentication

* The station first needs to be authenticated by the AP in order to join the AP's network.
* 802.11 defines two authentication subtypes: Open System and Shared Key.

Open Authentication (communication process between client and access point):

1. A request to authenticate is sent to the access point.
2. The access point authenticates.
3. The client connects to the network.

* A sends an authentication request to B.
* B sends the result back to A.

Shared Key Authentication (communication process between client and access point):

1. A request to authenticate is sent to the access point.
2. The access point sends a challenge phrase.
3. The client encrypts the phrase and sends it back.
4. The access point verifies the phrase and, if they match, authenticates.
5. The client connects to the network.

* Uses WEP keys
* Considered more insecure than open system

802.11 Association

* Next step after authentication
* Association enables data transfer between the MC (Mobile Client) and the AP.
* The MC (Mobile Client) sends an association request frame to the AP, which replies to the client with an association response frame either
* Once the association is successful, the AP issues an Association ID to the client and adds the client to its database of connected clients.

[Figure: 802.11 state diagram. Recoverable labels: State 2 (Authenticated, Unassociated), Class 1 & 2 frames; State 3; Deauthentication notification; Reassociation.]

Data Transfer

* Data transfer allowed only after authentication and association.
* Attempting to send data to an AP without proper authentication and association causes the AP to respond with a de-authentication frame.
* Data frames are always acknowledged. If a client sends a data frame to an AP, the AP must send an acknowledgement. If the AP sends a data frame to a client, the client must send an acknowledgement.
* The AP will forward data frames received from the client to the required destination on the wired network. It will also forward data directed to the client from the wired network. APs can also forward traffic between two clients, but this is not common.

IEEE 802.11 Protocol Architecture

* MAC Layer:
  * Provides access to contention-based and contention-free traffic on different kinds of physical layers.
  * MAC layer responsibilities are divided into the MAC sub-layer and the MAC management sub-layer.
    * The MAC sub-layer defines access mechanisms and packet formats.
    * The MAC management sub-layer defines power management, security and roaming services.
* PHY Layer:
  * The physical layer is divided into three sub-layers.
  * The PLCP acts as an adaptation layer. The PLCP is responsible for CCA and building packets for different physical layer technologies.
  * The PMD layer specifies modulation and coding techniques.
  * The PHY management layer takes care of management issues like channel tuning.
  * The station management sub-layer is responsible for coordination of interactions between the MAC and PHY layers.

[Figure: protocol stack. Data Link Layer: MAC, MAC Management. Physical Layer: PLCP, PMD, PHY Management.]

The 802.11 PHY (RF) Layer

* Radio channels and frequencies
* Modulation technologies
* PHY data rates used
* Improving data transfer: diversity and polarization

Frequency Channel Allocation for 802.11a/b/g

[Figure: frequency axis from 10 MHz to 10 GHz showing the ISM and UNII bands (IEEE & FCC); 802.11 (b)(g) (US) channels, 2.401 GHz to 2.473 GHz; 802.11a.]

Band | Channels | Use
5.15 GHz to 5.35 GHz | 8 channels (36, 40, 44, 48, 52, 56, 60, 64) | Band is common between Europe and the US. It's used in almost every European country.
5.47 GHz to 5.725 GHz | 11 channels (100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140) | Band is currently available throughout all European countries. The band is expected to become widely available throughout the United States sometime in 2006.
5.725 GHz to 5.85 GHz | 5 channels (149, 153, 157, 161, 165) | Band is available in U.S., Canada, and China but is not permitted in the EU.

Physical Layer Technologies

* Direct Sequence Spread Spectrum
  * Spreads a signal power over a wider band of frequencies
  * Frequency spectrum of a data signal is spread using a code uncorrelated with that signal
  * Codes used for spreading have low cross-correlation values and are unique to every user
  * Sacrifices bandwidth to gain signal-to-noise performance
  * Both the transmitting and receiving are done on a 22 MHz wide set of frequencies
  * 1, 2, 5.5 and 11 Mbps data rates supported for 802.11b
  * Channels 1, 6 and 11 are non-overlapping channels and can be used for co-location

* Orthogonal Frequency Division Multiplexing (OFDM)
  * A special form of multicarrier modulation. Used for 802.11a and 802.11g
  * Transmits broadband, high data rate information by dividing the data into several interleaved, parallel bit streams, each modulated on a separate sub-carrier
  * Robust against the adverse effects of multipath propagation and ISI
  * Provides several modulation and coding alternatives to adapt to the channel quality
  * Using adequate channel coding and interleaving we can recover symbols lost due to the frequency selectivity of the channel.

[Figure: amplitude or power spectral density versus frequency, showing narrow band interference and the noise level.]

PHY Data rates for 802.11a/b/g

* 802.11b
  * Supports 1, 2, 5.5 and 11 Mbps data rates in the 2.4 GHz ISM band
  * Backward compatible with the original 802.11 DSSS systems.
  * Uses Complementary Code Keying (CCK) modulation for 5.5 and 11 Mbps rates

Data Rate | Code Length | Modulation | Symbol Rate | Bits/Symbol
1 Mbps | 11 (Barker Sequence) | BPSK | 1 MSps | 1
2 Mbps | 11 (Barker Sequence) | QPSK | 1 MSps | 2
5.5 Mbps | 8 (CCK) | QPSK | 1.375 MSps | 4
11 Mbps | 8 (CCK) | QPSK | 1.375 MSps | 8

* 802.11a
  * Incompatible with devices operating in 2.4 GHz
  * Uses OFDM technique and supports data rates up to 54 Mbps.
  * Uses combinations of various modulation and coding rates to achieve the different PHY rates

[Table: 802.11a modulation and coding rate combinations, including 16QAM and 64QAM.]

Antenna Diversity and Polarization

* Antenna Diversity
  * Scheme devised to compensate multipath effects by using multiple antennas
  * The incoming RF signal is received through one antenna at a time.
  * The receiving radio constantly samples the incoming signals from both the antennas to determine the higher quality signal.
  * The receiver radio then chooses to accept the higher quality signal.
  * The receiver transmits its next outgoing signal out of the antenna that was last used to receive an incoming signal because the received signal was a higher quality signal than from the other antenna.

* Polarization
  * Radio wave made up of electric and magnetic fields which are in perpendicular planes to each other
  * Horizontal polarization when electric field is parallel to ground
  * Vertical polarization when electric field is perpendicular to ground
  * Antennas that are not polarized in the same way may not be able to communicate with each other effectively.

The 802.11 MAC (Frame) Layer

* Framing data to be transmitted
* Spacing between frames
* Avoiding collisions: carrier sensing
* Avoiding collisions: the backoff algorithm

802.11 Frame Format

[Figure: 802.11 frame layout; (b) Frame control field.]

SC = Sequence control
DS = Distribution system
MF = More fragments
RT = Retry
PM = Power management
MD = More data
W = Wired equivalent privacy bit
O = Order

* Management Frames:
  * Beacon, Probe Request, Probe Response, Authentication, Association Request, Association Response, Deauthenticate, Disassociate, Reassociation Request, Reassociation Response
* Control Frames:
  * RTS, CTS, Acknowledgment, PS-Poll
* Data Frames:
  * Data, Null frame
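
A decoder for the frame control field and MAC header described above, covering the frame types listed on this slide. This is an added example, not part of the original slides; bit positions and subtype numbers come from IEEE 802.11, and the three sample frames (with locally administered MAC addresses) are constructed.

```python
import struct

TYPES = {0: "Management", 1: "Control", 2: "Data"}
# (type, subtype) numbers for the frames this slide lists.
SUBTYPES = {
    (0, 0): "Association Request", (0, 1): "Association Response",
    (0, 2): "Reassociation Request", (0, 3): "Reassociation Response",
    (0, 4): "Probe Request", (0, 5): "Probe Response", (0, 8): "Beacon",
    (0, 10): "Disassociate", (0, 11): "Authentication", (0, 12): "Deauthenticate",
    (1, 10): "PS-Poll", (1, 11): "RTS", (1, 12): "CTS", (1, 13): "Acknowledgment",
    (2, 0): "Data", (2, 4): "Null frame",
}
# Frame control bits 8..15, using the slide's abbreviations.
FLAGS = ["To DS", "From DS", "MF", "RT", "PM", "MD", "W", "O"]


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def parse_header(frame):
    """Decode frame control, duration, addresses and sequence control."""
    if len(frame) < 10:
        raise ValueError("shorter than the smallest 802.11 header")
    fc, duration = struct.unpack_from("<HH", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    hdr = {
        "version": fc & 0x3,
        "type": TYPES.get(ftype, "Reserved"),
        "subtype": SUBTYPES.get((ftype, subtype), "subtype %d" % subtype),
        "flags": [name for i, name in enumerate(FLAGS) if fc & (1 << (8 + i))],
        "duration": duration,   # (in a PS-Poll this field carries the AID instead)
        "addr1": mac(frame[4:10]),
    }
    if ftype in (0, 2):
        # Management and data frames carry three addresses and sequence control.
        if len(frame) < 24:
            raise ValueError("management/data frame shorter than 24-byte header")
        sc = struct.unpack_from("<H", frame, 22)[0]
        hdr.update(addr2=mac(frame[10:16]), addr3=mac(frame[16:22]),
                   fragment=sc & 0xF, sequence=sc >> 4)
    return hdr


# Constructed sample frames (not captured traffic).
CLIENT, AP, DEST = "020000000001", "0200000000aa", "0200000000dd"
DEAUTH = bytes.fromhex("c000" + "3a01" + CLIENT + AP + AP + "3012" + "0700")
PROTECTED_DATA = bytes.fromhex("0841" + "2c00" + AP + CLIENT + DEST + "4000")
RTS = bytes.fromhex("b400" + "7500" + AP + CLIENT)

if __name__ == "__main__":
    for f in (DEAUTH, PROTECTED_DATA, RTS):
        print(parse_header(f))
```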

Inter Frame Spaces (IFS)

* The Inter Frame Spaces define the minimum time that a station needs to wait after it senses the medium free.
* The concept of IFS was introduced to enable different priority levels for transmission.
* The smaller the IFS, the higher the priority.
* Various Inter Frame Spaces are defined to assign different priorities (SIFS, PIFS, DIFS).

[Figure: channel access timing. Labels: immediate access when medium is free >= DIFS; DIFS; select slot and decrement backoff as long as medium is idle.]


Carrier Sensing

* Physical Carrier Sensing
  * Uses the CSMA/CA scheme
  * Each station detects activity on the channel by analyzing the signal from other clients in the network.
  * All the clients connected to the same AP are considered to be in a common contention zone.
  * If a station is not able to detect any signal, it assumes that none of the other stations are transmitting and hence starts transmitting.
  * This scheme faces the hidden terminal problem.

* Virtual Carrier Sensing
  * This scheme uses CTS and RTS
  * When an MC (Mobile Client) wants to transmit data, it sends an RTS packet which includes the source, destination and the duration of the following transaction
  * The destination responds with a CTS which includes the same duration information
  * All stations receiving either CTS or RTS set their NAV for the given duration and don't try to transmit for that time

Backoff Algorithm

* Each station senses the channel for an additional random time after detecting the channel as being idle for a minimum duration of DIFS.
* Only if the channel remains idle for this additional random time period is the station allowed to initiate the transmission.
* Each station maintains a CW, which is used to determine the number of slot times a station has to wait before transmission.
* A backoff counter is maintained which counts the slots from the random time chosen down to zero.
* The Backoff Counter is decreased as long as a slot time is sensed as idle and it is frozen when a transmission is detected.
* As soon as the Backoff Counter reaches the value zero the station transmits its own frame.
* After any unsuccessful transmission attempt, another backoff is performed with a doubled size of the CW.
* This reduces the collision probability in case there are multiple stations attempting to access the channel.
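
A slot-level simulation of the backoff rules above, showing how the doubling contention window keeps the collision rate bounded as more stations contend. This is an added example, not part of the original slides; CW_MIN = 15 and CW_MAX = 1023 are assumed values (the slides give no numbers), every station is assumed to always have a frame queued, and retry limits are ignored.

```python
import random

CW_MIN = 15     # assumed minimum contention window, in slots
CW_MAX = 1023   # assumed maximum contention window, in slots


def next_cw(cw, cw_max=CW_MAX):
    """Double the window size after a failed attempt: 15 -> 31 -> 63 ... capped."""
    return min(2 * (cw + 1) - 1, cw_max)


def simulate(num_stations, attempts=5000, seed=1):
    """Run saturated stations through `attempts` channel accesses.

    Returns counts of successful transmissions, collisions and idle slots.
    """
    rng = random.Random(seed)   # seeded so a run can be repeated exactly
    cw = [CW_MIN] * num_stations
    counter = [rng.randint(0, CW_MIN) for _ in range(num_stations)]
    successes = collisions = idle_slots = 0

    while successes + collisions < attempts:
        ready = [i for i, c in enumerate(counter) if c == 0]
        if not ready:
            # Medium idle: every station decrements until the first one hits zero.
            step = min(counter)
            idle_slots += step
            counter = [c - step for c in counter]
            continue

        # Stations whose counter is zero transmit now. All other counters stay
        # frozen for the duration of the transmission (they are not decremented).
        if len(ready) == 1:
            successes += 1
            cw[ready[0]] = CW_MIN              # success resets the window
        else:
            collisions += 1
            for i in ready:
                cw[i] = next_cw(cw[i])         # failure doubles the window
        for i in ready:
            counter[i] = rng.randint(0, cw[i])  # draw a fresh backoff

    return {
        "successes": successes,
        "collisions": collisions,
        "idle_slots": idle_slots,
        "collision_rate": collisions / attempts,
    }


if __name__ == "__main__":
    for n in (1, 2, 5, 10, 20):
        r = simulate(n)
        print("%2d stations: collision rate %.3f, idle slots %d"
              % (n, r["collision_rate"], r["idle_slots"]))
```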

Security in 802.11 WLANs

Common WLAN Attacks

* Passive Attacks: eavesdropping
  * Wireless LAN sniffers can be used to gather information about the wireless network from a distance with a directional antenna.
  * These applications are capable of gathering the passwords from the HTTP sites and the telnet sessions sent in plain text.
  * These attacks do not leave any trace of the hacker's presence on the network.

* PHY Layer attacks: RF Jamming
  * The hacker can use a high power RF signal generator to interfere with the ongoing wireless connection, making it useless.
  * Can be avoided only by physically finding the jamming source

WLAN Attacks, Contd...

* Active Attacks: hacking
  * A hacker can connect to the network through the wireless LAN and obtain an IP address from the DHCP server.
  * A business competitor can use this kind of attack to get customer information which is confidential to an organization.

* Man-in-the-Middle Attack
  * A hacker may use a rogue AP to hijack mobile nodes by sending a stronger signal than the actual AP is sending to those nodes.
  * The MC (Mobile Client) then associates with the rogue AP, sending its data into the wrong hands.
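
From the defender's side, the rogue AP scenario above shows up in beacon observations collected by a monitoring sensor. The following check is an added example, not part of the original slides; the AP inventory, the observation records and the 20 dB signal-jump threshold are all constructed assumptions.

```python
# Constructed inventory of authorized APs: BSSID -> expected settings.
AUTHORIZED = {
    "02:00:00:00:00:aa": {"ssid": "CorpNet", "channel": 1, "security": "WPA2"},
    "02:00:00:00:00:bb": {"ssid": "CorpNet", "channel": 11, "security": "WPA2"},
}
SECURITY_RANK = {"Open": 0, "WEP": 1, "WPA": 2, "WPA2": 3}


def audit(observations, authorized=AUTHORIZED, rssi_jump_db=20):
    """Return (bssid, finding) pairs for beacons that do not match the inventory.

    Each observation is a dict with bssid, ssid, channel, security and rssi (dBm)
    as seen by one fixed sensor.
    """
    managed_ssids = {ap["ssid"] for ap in authorized.values()}
    baseline_rssi = {}
    findings = []
    for obs in observations:
        bssid = obs["bssid"].lower()
        known = authorized.get(bssid)
        if known is None:
            # An unknown radio using our network name is the classic rogue AP.
            if obs["ssid"] in managed_ssids:
                findings.append((bssid, "unauthorized BSSID advertising managed SSID"))
            continue
        # A known BSSID that changes settings may be a spoofed copy of the real AP.
        if obs["channel"] != known["channel"]:
            findings.append((bssid, "authorized BSSID on unexpected channel"))
        if SECURITY_RANK.get(obs["security"], 0) < SECURITY_RANK[known["security"]]:
            findings.append((bssid, "security downgrade"))
        first = baseline_rssi.setdefault(bssid, obs["rssi"])
        if obs["rssi"] - first >= rssi_jump_db:
            # Heuristic: a fixed AP seen by a fixed sensor should not get much louder.
            findings.append((bssid, "signal much stronger than baseline"))
    return findings


# Constructed observations (not captured traffic).
SAMPLE_OBSERVATIONS = [
    {"bssid": "02:00:00:00:00:aa", "ssid": "CorpNet", "channel": 1, "security": "WPA2", "rssi": -60},
    {"bssid": "02:00:00:00:00:bb", "ssid": "CorpNet", "channel": 11, "security": "WPA2", "rssi": -70},
    {"bssid": "02:00:00:00:00:ee", "ssid": "CorpNet", "channel": 6, "security": "Open", "rssi": -35},
    {"bssid": "02:00:00:00:00:aa", "ssid": "CorpNet", "channel": 6, "security": "WPA2", "rssi": -30},
    {"bssid": "02:00:00:00:00:cc", "ssid": "CoffeeShop", "channel": 3, "security": "Open", "rssi": -80},
]

if __name__ == "__main__":
    for bssid, finding in audit(SAMPLE_OBSERVATIONS):
        print(bssid, "-", finding)
```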

WLAN Security Solutions

* The two main aspects of security are privacy and confidentiality.
* In 802.11 the privacy problem is solved by robust mutual authentication mechanisms and the confidentiality problem is solved by encryption methods.
* Some of the existing and the newly introduced (by 802.11i) authentication and encryption methods are listed below:

  * WEP-Open
  * WEP-SharedKey
  * WPA-PSK
  * WPA-EAP/TLS
  * WPA-EAP/TTLS-GTC
  * WPA-PEAP/MSCHAPv2
  * WPA-EAP/FAST
  * WPA2-PSK
  * WPA2-EAP/TLS
  * WPA2-EAP/TTLS-GTC
  * WPA2-PEAP/MSCHAPv2
  * WPA2-EAP/FAST
  * DWEP-EAP/TLS
  * DWEP-PEAP/MSCHAPv2
  * LEAP
  * WPA-LEAP
  * WPA2-LEAP
  * WPA-PSK-AES
  * WPA-EAP/TLS-AES
  * WPA-PEAP/MSCHAPv2-AES
  * WPA2-PSK-TKIP
  * WPA2-EAP/TLS-AES
  * WPA2-PEAP/MSCHAPv2-TKIP

WEP Encryption and Drawbacks

* 64 and 128 bit keys are used for authentication and encryption of data
* WEP protocol is fundamentally weak because it uses a static encryption key.
* Motivated attackers can easily crack WEP encryption by using freely available hacking tools.
* The determination and distribution of WEP keys are not defined
* No defined mechanism to change the WEP key either per authentication or periodically for an authenticated connection
* No mechanism for central authentication, authorization, and accounting

[Figure: WEP frame showing the Message and the Integrity Check Value (ICV).]

Server Based Authentication

* A possible solution for the security problem is maintaining centralized key servers like a RADIUS server for centralized key generation and distribution.
* This would reduce the overhead of maintaining the key information of all the clients at the
* With RADIUS, authentication is user-based rather than device-based, so, for example, a stolen laptop does not necessarily imply a serious security breach.
* RADIUS eliminates the need to store and manage authentication data on every AP on the WLAN, making security considerably easier to manage and scale.
* Steps for authenticating with a RADIUS server:
  1. The WLAN client (the "Supplicant") tries to access the network. [EAPoL]
  2. The AP (the "Authenticator") responds to requests, and will ask the client for identity. [EAPoL]
  3. The client responds with its identity to the AP. [EAPoL]
  4. The AP will forward an Access-Request to the RADIUS server with the user's identity. [RADIUS]
  5. The RADIUS server will respond with a challenge to the AP. The challenge will indicate the EAP authentication type requested by the server. [RADIUS]
  6. The AP forwards the challenge to the client. [EAPoL]
  7. If the client agrees to the EAP type, then negotiation will continue; if not, the client will NAK the request and suggest an alternative method. [EAPoL]
  8. The AP forwards the response to the RADIUS server. [RADIUS]
  9. If these credentials are correct, the RADIUS server accepts the user. If not, the user is rejected. An Access-Accept or Reject is sent. [RADIUS]
  10. If authentication succeeds, the AP connects the client to the network.

Server-based security: 802.1X / 802.11i

[Figure: Wireless Station, Access Point, Authentication Server.]

4-Way Handshake (between STA and AP)

Before the handshake, 802.1X blocks the port for data traffic on both the STA and the AP (figure label: PMK).

1. AP to STA: EAPoL-Key(Reply Required, Unicast, ANonce)
   STA: Pick Random SNonce, Derive PTK = EAPoL-PRF( , ANonce | SNonce | AP MAC Addr | STA MAC Addr)
2. STA to AP: EAPoL-Key(Unicast, SNonce, , STA RSN IE)
   AP: Derive PTK
3. AP to STA: EAPoL-Key(Reply Required, Install PTK, Unicast, ANonce, , AP RSN IE)
4. STA to AP: EAPoL-Key(Unicast, )
   STA: Install TK. AP: Install TK.
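
The PTK derivation and the four messages above can be followed end to end in code. This is an added example, not part of the original slides: the PRF label, the min/max ordering of addresses and nonces, and the HMAC-SHA1 MIC follow IEEE 802.11i rather than anything shown on the slide; the message bodies are simplified stand-ins for real EAPoL-Key frames; the MAC addresses and PMK values are constructed.

```python
import hashlib
import hmac
import os


def prf(key, label, data, nbytes):
    """802.11i PRF: HMAC-SHA1 in counter mode over label || 0x00 || data || i."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce):
    """Expand the PMK into a 384-bit PTK and split it into KCK, KEK and TK."""
    # Sorting the inputs lets both sides build the same string independently.
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:]}


def mic(kck, message):
    """Message integrity code keyed with the KCK (HMAC-SHA1 truncated to 128 bits)."""
    return hmac.new(kck, message, hashlib.sha1).digest()[:16]


def four_way_handshake(sta_pmk, ap_pmk, anonce=None, snonce=None):
    """Play both sides; returns which message failed, if any, and each side's TK."""
    ap_mac = bytes.fromhex("0200000000aa")    # constructed addresses
    sta_mac = bytes.fromhex("020000000001")
    anonce = anonce or os.urandom(32)         # nonces must be fresh per handshake
    snonce = snonce or os.urandom(32)

    # Message 1, AP to STA: ANonce in the clear. The STA can now derive its PTK.
    sta = derive_ptk(sta_pmk, ap_mac, sta_mac, anonce, snonce)

    # Message 2, STA to AP: SNonce plus a MIC that proves the STA holds the PMK.
    msg2 = b"M2" + snonce
    msg2_mic = mic(sta["kck"], msg2)
    ap = derive_ptk(ap_pmk, ap_mac, sta_mac, anonce, snonce)
    if not hmac.compare_digest(mic(ap["kck"], msg2), msg2_mic):
        return {"ok": False, "failed_at": 2, "sta_tk": None, "ap_tk": None}

    # Message 3, AP to STA: the AP's MIC proves the AP holds the PMK as well.
    msg3 = b"M3" + anonce
    msg3_mic = mic(ap["kck"], msg3)
    if not hmac.compare_digest(mic(sta["kck"], msg3), msg3_mic):
        return {"ok": False, "failed_at": 3, "sta_tk": None, "ap_tk": None}

    # Message 4, STA to AP: confirmation; both sides install the TK.
    msg4 = b"M4"
    if not hmac.compare_digest(mic(ap["kck"], msg4), mic(sta["kck"], msg4)):
        return {"ok": False, "failed_at": 4, "sta_tk": None, "ap_tk": None}
    return {"ok": True, "failed_at": None, "sta_tk": sta["tk"], "ap_tk": ap["tk"]}


# Constructed PMKs for the demonstration.
GOOD_PMK = bytes(range(32))
WRONG_PMK = bytes(range(1, 33))

if __name__ == "__main__":
    print(four_way_handshake(GOOD_PMK, GOOD_PMK)["ok"])          # both sides agree
    print(four_way_handshake(WRONG_PMK, GOOD_PMK)["failed_at"])  # AP rejects message 2
```

Neither the PMK nor the PTK ever crosses the air: only the nonces and MICs do, and a station with the wrong PMK is rejected at message 2.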

Advanced Topics

* Load Balancing and Rate Adaptation
* Power Management
* Roaming
* Quality of Service
* The next-generation WLAN: IEEE 802.11n

Load Balancing and DRS

* Load Balancing
  * Important issue in areas of heavy traffic
  * In a multicell structure having heavy traffic, several co-located APs can cover the same region to increase the throughput.
  * The clients having load balancing functionality configured can automatically associate with the AP that is less loaded and provides the best quality of service.

* Rate Adaptation (dynamic rate shifting)
  * Speed adjusted dynamically depending on the distance and the signal strength
  * As the distance between the AP and the MC (Mobile Client) increases, the signal strength will decrease to a point where the current data rate cannot be maintained.
  * When the signal strength decreases, the transmitting unit will drop its data rate to the next lower data rate in order to maintain a reasonable SNR.

[Figure: Access Point A (Channel 1) and Access Point B (Channel 11).]

Power Management

* Power save is very important on battery operated 802.11 devices.
* Power-management schemes place a client in sleep mode when no activity occurs.
* The MC (Mobile Client) can be configured to be in continuous aware mode (CAM) or Power Save Polling (PSP) mode.
* In the PSP mode, the client can go to sleep by informing the AP when there is no activity.
* The AP buffers any data directed to the client when the client is asleep.

1. Client goes to sleep
2. Access point marks client asleep
3. Access point buffers client packets
4. Client wakes up, notifies access point
5. Access point tells client data is waiting
6. Client requests data
7. Access point sends data

WLAN Roaming

* Roaming can be defined as the client moving between APs advertising the same or similar wireless network.
* Since the WLAN clients are mobile and the coverage range of a single AP is limited, roaming happens whenever the client passes the boundaries of a WLAN cell.
* The roaming protocol should be implemented effectively in order to cause very minimal delays during the handoff.
* The clients usually make the roaming decisions by scanning the various available wireless networks at all times and trying to connect to the best available network.
* The decision to roam can be made on various factors such as RSSI, number of missed beacons, SNR, frame errors etc.
* When a decision is made to roam, the client can authenticate and associate with the new AP and continue its data communication through the new AP.
* Roaming when security is enabled would involve setting up a new security session with the new AP.

[Figure: roaming sequence. Recoverable label: 5. Choose AP with strongest response.]

Fat AP Vs Thin AP

* Fat AP Model
  * Standalone APs which perform all 802.11 MAC and PHY functionalities.
  * The APs pretty much work independent of each other except for limited inter-access point communication through IAPP and WDS.
  * Fat APs are costly.

* Thin AP Model
  * The AP only performs the PHY and lower MAC layer functions like ACKing and MAC retries.
  * All thin APs connect to a centralized switch and the switch performs all the upper MAC functions like client connections, security states, encryption keys, QoS policies, bandwidth management etc.
  * Advantages
    * Manage and configure all the APs centrally through a WLAN switch/controller.
    * The AP hardware is cheaper and in large deployments this can cut a lot of cost.
    * The wireless switches can enforce network policies, network security and Quality of Service rules for applications such as IP telephony in a centralized fashion.
    * Since client connection and security state is maintained by the AP and not the switch, the clients can seamlessly roam between all the APs connected to the same switch without re-authenticating with the new AP.
    * Thin AP model allows implementation of radio resource management, load balancing, rogue AP detection etc.

Quality of Service (802.11e)

* QoS needed to support triple play traffic
* The IEEE 802.11e standard defines enhancements to support quality of service for the traditional 802.11 MAC protocol
* Introduces Enhanced Distribution Coordination Channel Access (EDCA) and Hybrid Coordination Channel Access (HCCA)
* QoS is supported with the introduction of Traffic Categories (TCs).
* In order to introduce priorities, the CW sizes and IFS values are set differently for each TC.
* Each Traffic Queue within the stations contends for a transmission opportunity (TXOP) and independently starts a backoff after detecting the channel is idle for an Arbitration Inter Frame Space (AIFS)

[Figure label: Broadband connection.]

802.11e Contd...

* Each client station has 4 queues for different traffic types: Voice, Video, Best Effort and Background.
* The higher the AC, the higher the probability to transmit.
* The ACs were designed to correspond to 802.1d priorities
* The client has an internal collision resolution mechanism to address collision among different queues, which selects the frames with the highest priority to transmit.
* Most AP vendors today implement the WMM spec which is EDCA only

[Figure: four transmit queues (Voice, Video, Best Effort, Background); Opportunity to Transmit (TXOP).]

802.11n

* The scope of TGn's objective is to define modifications to the Physical Layer and Medium Access Control layer (PHY/MAC) that deliver a minimum of 100 Mbps throughput at the MAC SAP.
* Increasing the physical transfer rate of wireless systems by using multiple antenna systems for both the transmitter and the receiver. This technology is referred to as multiple-input multiple-output (MIMO), or smart antenna systems.
* MIMO technology offers the ability to coherently resolve information from multiple signal paths using spatially separated receive antennas.
* Possible use of wider (40 MHz) channels to achieve higher data rates.
* Use more complex modulation and coding techniques to improve spectral efficiency and hence increase the data rates.
* MAC layer improvements such as aggregating multiple MAC Protocol Data Units (MPDUs) into single PHY Protocol Data Units (PPDUs).
* Acknowledging multiple MPDUs with a single block acknowledgement (Block ACK) in response to a block acknowledgement request (BAR)

[Figure: MIMO link. Data into a wireless transmitter with analog front end H/W duplication, signal paths, wireless receiver with analog front end H/W duplication, data out.]

A Rapidly Evolving Technology

* Fast Roaming (less than 50 msec => no call drops)
* Advanced Security
* Automatic Radio Resource Management
* Mesh Networks
* Wireless Network Management
* Wireless Access In a Vehicular Environment (WAVE)
* Roaming Across Heterogeneous Networks (802.11, 802.16, 3G, etc.)
* etc.

802.11 Standards and TGs

* 802.11a - 54 Mbps standard, 5 GHz signaling (ratified 1999)
* 802.11b - 11 Mbps standard, 2.4 GHz signaling (1999)
* 802.11c - operation of bridge connections (moved to 802.1)
* 802.11d - worldwide compliance with regulations for use of wireless signal spectrum (2001)
* 802.11e - Quality of Service (QoS) support (2005)
* 802.11f - Inter access point protocol to support roaming clients (2003)
* 802.11g - 54 Mbps standard, 2.4 GHz signaling (2003)
* 802.11h - Enhanced version of 802.11a to support European regulatory requirements (2003)
* 802.11i - Security improvements for the 802.11 family (2004)
* 802.11j - Enhancements to 5 GHz signaling to support Japan regulatory requirements (2004)
* 802.11k - WLAN system management (in progress)
* 802.11l - Skipped to avoid confusion with 802.11i
* 802.11m - Maintenance of 802.11 family documentation
* 802.11n - Future 100+ Mbps standard (in progress)
* 802.11o - Voice over WLAN, faster handoff, prioritize voice traffic over data (in progress)
* 802.11p - Using 5.9 GHz band for ITS (long range) (in progress)
* 802.11q - Support for VLAN (in progress)
* 802.11r - Handling fast handoff when roaming between APs (in progress)
* 802.11s - Self-healing/self-configuring mesh networks (in progress)
* 802.11t - Wireless Performance Prediction (in progress)
* 802.11u - Interworking with External Networks
* 802.11v - Wireless Network Management standard (in progress)
* 802.11w - Protected Management Frames standard (in progress)
* 802.11x - Summarizes all 802.11 standards, but it is not a standard.
* 802.11y - Contention Based Protocol Study Group (in progress)

WLAN testing

* RF level testing
* Protocol Conformance Testing
* Performance Testing
* Interoperability Testing
* Functional Testing
* Management/Data plane testing
* Stress/Load Testing
* Scalability Testing
* Testing QoS support
* Testing security protocols
* VoIP over WLAN testing
* Testing Roaming
* Testing Rate Adaptation
* Testing mixed mode networks
* Testing for protection against security attacks
* Deployment Testing, site survey

WLAN Performance Metrics

* Primary Metrics
  * Primary metrics are defined as the performance metrics that directly affect the quality of the application layer traffic.
  * R-values/MOS score, jitter, packet loss, number of dropped calls in the case of voice
  * Connection setup time, Layer 4 through 7 throughput, latencies, frame loss etc. in the case of other application layer data traffic.

* Secondary metrics
  * Secondary metrics are defined as the performance metrics at layer 2 that indirectly affect the performance of any application running on top of the layer 2 WLAN protocol.
  * Secondary metrics include throughput, frame loss, latency and forwarding rate at the 802.11 layer
  * It can be argued that an AP performing well at layer 2 will perform well at all the layers above.

* Both primary and secondary metrics are considered to be important for performance testing.

WLAN testing today

* Mainly interoperability (Wi-Fi certification)
* Wi-Fi certification only tests for interoperability of the APs and NIC cards, which means if an AP interoperates with most of the common NIC cards with a reasonable throughput, the AP passes the certification
* No real performance testing being done, because of lack of proper performance test equipment.
* Performance testing done using racks of real laptops running Chariot or similar traffic generators.
* No real way of synchronizing the traffic from all the laptops and hence the tests are never repeatable.
* Because of use of off the shelf equipment and protocol stacks of PCs, the test results are affected by a number of variables.
* Off the shelf equipment cannot generate traffic at full rate and hence cannot stress the DUT.
* Roaming testing done by placing laptops on carts or turn tables and moving them around, which requires a lot of man hours.
* VoIP testing is being done by having real phones connect to the APs and having multiple people talk on the phones for long periods of time and providing a subjective analysis of the voice quality.
* Controlled RF environment for testing is a requirement.

VeriWave Application Classification

+ WaveTest system applications are broadly classified into five categories:
  - Data Plane
  - Control Plane / Security
  - QoS and VoIP
  - Muni WiFi Mesh
  - Hybrid

Data Plane Applications

+ Unicast Throughput
+ Unicast Forwarding Rate
+ Unicast Packet Loss
+ Unicast Latency
+ Multicast Forwarding Rate *
+ Multicast Roaming *
+ TCP Goodput
+ Power Save Throughput

* available as script

Control Plane / Security Applications

+ Roaming Benchmark
+ Roaming Stress
+ Client Association Database Capacity
+ AP Load Balancing *
+ Connection Stress Test *
+ Concurrent Connections Test *
+ Thin AP Failover Test *
+ 802.11 Frame Generator / Attack Generator
+ AAA Server / RADIUS Authentication capacity *

* available as script

QoS Applications

+ VoIP Call Capacity
+ VoIP Service Assurance
+ QoS Service Differentiation *
+ VoIP Roaming

* available as script

Muni WiFi Mesh Applications

+ Mesh client capacity
+ Mesh VoIP call capacity
+ Mesh Throughput per hop
+ Mesh Forwarding Rate per hop
+ Mesh Latency per hop
+ Mesh Backhaul Failover (self-healing)
+ Mesh Backhaul Impairment Performance: Throughput
+ Mesh Backhaul Impairment Performance: Latency

802.11 Hybrid testing

+ Hybrid testing facilitates interoperability testing with WLAN 802.11 client devices
+ Hybrid testing provides a controlled environment that allows the user to define a traffic model
+ Key Focus Areas
  - VoWLAN handsets
  - RFID tags
  - Laptop / PC clients
  - Mixed residential scenarios
  - Healthcare environments

Conclusions

+ WLAN technology is one of the faster growing networking technologies.
+ Wireless LAN technology provides a very good business model, as it uses free unlicensed frequencies and provides a wireless last hop to IP networking, which is free too.
+ Though the WLAN protocol was initially designed for high-bandwidth, delay-insensitive data applications, WLANs today are being used for a wide variety of traffic types and applications.
+ Some of the applications of WLANs include corporate wireless data networks, hotspots, medical facilities using VoIP over WLAN phones and badges, department stores using wireless barcode scanners, and consumer electronics using wireless communications, like wireless TVs and wireless cameras.
+ The wide variety of applications and the sheer volume of deployments create huge performance, scalability and QoS testing needs for the NEMs and the service providers.

VeriWave’s Mission

+ Enable the creation of high performance WLAN systems for mission critical enterprise and municipal wireless applications:
  - Providing WLAN equipment manufacturers with the tools necessary to accurately analyze their products, thus improving performance, interoperability, and profitability
  - Supplying service providers and enterprise users with the tools necessary to make the right choice when selecting WLAN equipment for deployment in their networks

VeriWave’s Technological Focus

+ Client Experts - stateful behavior, real 802.11 clients
+ Loading and scalability of infrastructure devices
+ Mobility - large scale and repeatable roaming test
+ Technology & apps convergence
  - Wireless and wired
  - Voice
  - QoS — prioritization, admission control, bandwidth utilization
  - Muni WiFi Mesh networks
  - Security

VeriWave — efficiency gains & cost reductions

+ Reduce test time from days to minutes
+ Increase test coverage
+ Decrease time to market
+ Reveal bugs early in QA cycle
+ Get to root cause & solve problems faster
+ Avoid pitfalls when testing with off-the-shelf clients
+ Run hundreds of tests unattended
+ Uninterrupted operation for extended periods of time
+ Complete control over large scale deployment scenarios